Provisioning platform for machine-to-machine devices

ABSTRACT

Techniques described herein include a platform and process for provisioning user information onto a machine-to-machine device in order to enable the machine-to-machine device to conduct transactions utilizing the user information. In some embodiments, a user device is used to relay information between a machine-to-machine device and a provisioning service provider computer. In some embodiments, a machine-to-machine device is connected to the provisioning service provider computer via a network connection. Upon receiving a request to provision the machine-to-machine device, the service provider computer may identify the device from a device identifier. The service provider computer may generate an access credential or token for the machine-to-machine device. The access credential, token, and/or one or more policies may be provisioned onto the machine-to-machine device.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation of U.S. Pat. Application No.14/955,716, filed Dec. 1, 2015, which claims the benefit of U.S.Provisional Application No. 62/091,097, filed Dec. 12, 2015, all ofwhich are herein incorporated by reference in their entirety for allpurposes.

BACKGROUND

Households typically include a number of appliances associated withgoods and services that are purchased by users on a regular basis. Forexample, consumers have refrigerators for storing food, gas meters formeasuring gas usage, electric meters for measuring power usage, andwater meters for measuring water usage. Consumers are ofteninconvenienced by regular paper bills associated with the goods andservices. More convenient ways to provide and/or obtain resources forappliances are needed.

Embodiments of the present invention address these problems and otherproblems, individually and collectively.

BRIEF SUMMARY

Embodiments of the invention can be applied to the “Internet of things”where machines can interact with other machines without humanintervention. In embodiments of the invention, machines can beprovisioned with access credentials such as payment account numbers orpayment tokens associated with payment account numbers. Such accesscredentials can be used by those machines to obtain (e.g., purchase)resources that are associated with those machines.

One embodiment of the invention is directed to a method of receiving, ata provisioning server computer, a device identifier associated with amachine-to-machine device and consumer information. The provisioningserver computer may then bind the device identifier to the consumerinformation. The provisioning server computer may then provision theconsumer information onto the machine-to-machine device.

Another embodiment of the invention is directed to a method. The methodcomprises receiving, at a service provider computer from a user device,a request to provision a first electronic device including a deviceidentifier associated with the first electronic device. The firstelectronic device is configured to interact with at least one secondelectronic device independent of human interaction. The method alsoincludes determining, by the service provider computer, based at leastin part on the user device, access credentials. The method also includesidentifying, by the service provider computer, based at least in part onthe access credentials and the device identifier, a policy set relevantto the first electronic device; determining, by the service providercomputer, from the access credentials, at least one access credential tobe associated with the device identifier, and then providing, by theservice provider computer, the at least one access credential to thefirst electronic device, the at least one access credential to be storedon the first electronic device and used to interact with the at leastone second electronic device.

Another embodiment of the inventon is directed to an electronic devicecomprising an input sensor configured to detect consumption of aresource, a processor, and a memory. The memory may include instructionsthat, when executed with the processor, cause the system to: receive,from a service provider computer, an access token and a policy; initiatea transaction in accordance with the policy by: establishing acommunication session with an electronic device that manages theresource; requesting access to the resource based at least in part onthe consumption of the resource detected by the input sensor; andproviding the access token to the electronic device.

Another embodment of the invention is directed to a method comprisingstoring, by a first electronic device; an access credential in a securememory in the first electronic device. The method also includesdetermining, by the first electronic device and without humanintervention, that a resource associated with the first electronicdevice needs to be obtained. Then, in response to determining that theresource needs to be obtained, the method includes transmitting theaccess credential to a second electronic device, the second electronicdevice operated by a resource provider. The resource provider thereafterconducts a transaction using the access credential and then provides theresource to the first electronic device without human intervention.

Further details regarding embodiments of the invention can be found inthe Detailed Description and the Figures.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts an example system comprising a number of components inaccordance with at least some embodiments;

FIG. 2 depicts an illustrative example of a system or architecture inwhich techniques for provisioning a device with user-specificinformation may be implemented;

FIG. 3 depicts an illustrative example service layer data flow inaccordance with at least some embodiments;

FIG. 4 depicts a flow diagram illustrating an example technique forprovisioning a device with relevant information in accordance with atleast some embodiments;

FIG. 5 depicts a flow diagram illustrating a payment processingtechnique in accordance with at least some embodiments;

FIG. 6 depicts the use of a collection device to interact with aprovisioned machine-to-machine device in accordance with at least someembodiments; and

FIG. 7 depicts aspects of elements that may be present in a computerdevice and/or system configured to implement a method and/or process inaccordance with some embodiments of the present invention.

DETAILED DESCRIPTION

In the following description, various embodiments will be described. Forpurposes of explanation, specific configurations and details are setforth in order to provide a thorough understanding of the embodiments.However, it will also be apparent to one skilled in the art that theembodiments may be practiced without the specific details. Furthermore,well-known features may be omitted or simplified in order not to obscurethe embodiment being described.

Techniques described herein include a system and platform forprovisioning consumer information onto a machine-to-machine device sothat it may provide consumer information upon request. Also described isa platform in which transactions may be performed automatically by amachine-to-machine device using provisioned consumer information. Priorto discussing specific embodiments of the invention, some terms may bedescribed in detail.

A “service provider computer” may be a computer that is associated witha service provider. The service provider may provide any suitableservice. For example, the service provider may be a merchant, a utilitycompany, a payment processing network, a wallet provider, a merchant, anauthentication cloud, an acquirer, or an issuer.

A “user device” may be a device that is operated by a user. Examples ofuser devices may include a mobile phone, a smart phone, a personaldigital assistant (PDA), a laptop computer, a desktop computer, a servercomputer, a vehicle such as an automobile, a thin-client device, atablet PC, etc. Additionally, user devices may be any type of wearabletechnology device, such as a watch, earpiece, glasses, etc. The userdevice may include one or more processors capable of processing userinput. The user device may also include one or more input sensors forreceiving user input. As is known in the art, there are a variety ofinput sensors capable of detecting user input, such as accelerometers,cameras, microphones, etc. The user input obtained by the input sensorsmay be from a variety of data input types, including, but not limitedto, audio data, visual data, or biometric data. The user device maycomprise any electronic device that may be operated by a user, which mayalso provide remote communication capabilities to a network. Examples ofremote communication capabilities include using a mobile phone(wireless) network, wireless data network (e.g., 3G, 4G or similarnetworks), Wi-Fi, Wi-Max, or any other communication medium that mayprovide access to a network such as the Internet or a private network.

The term “provisioning” may include any preparation and/or configuringof a device to enable it to perform a function. For example,provisioning may include storing rules or instructions on a device todirect the device’s actions. In some embodiments, a device may beprovisioned with payment information associated with a user of thedevice. The payment information may enable the device to executetransactions on the user’s behalf without active input from the user.

A “device identifier” may include any suitable distinctive set ofcharacters used to identify a device. An exemplary device identifier mayinclude any suitable number or type of characters (e.g., numbers,graphics, symbols, or other information) that may uniquely represent adevice. By way of example, a device identifier may be a serial number,partial serial number, or device name or nickname. In some embodiments,a device identifier may be generated, based on a trusted hardware root.Additionally, the device identifier may be a temporary identifier for aparticular device, such as a network address at which the device may befound.

An “access credential” may be any data or portion of data used to gainaccess to a particular resource. In some embodiments, an accesscredential may be a login and/or password for a user account. In someembodiments, an access credential may be include account information ora token associated with the account information.

“Account data” may refer to any content of an account of a userconducting a transaction. In some embodiments, account data may bepayment account data that may be utilized to make a purchase. In otherembodiments, account data may be any content associated with a user’snon-financial account. For example, account data may include electronicfiles, photos, videos, and documents stored by the user’s account. Insome embodiments, account data may be stored by an authorizationcomputer.

“Account information” may refer to any information surrounding anaccount of a user. For example, account information may include accountdata and one or more account identifiers. In some embodiments, theaccount identifier may be a PAN or primary account number. The PAN maybe 14, 16, or 18 digits. Account information may also include anexpiration date associated with the account, as well as a service codeand/or verification values (e.g., CVV, CVV2, dCVV, and dCVV2 values).

A “policy set” may be a set of rules or configuration settings thatindicates one or more actions are allowed and/or should be performed. Insome cases, conditions upon which those actions are to be performed. Insome embodiments, a policy set may include conditional statements, suchas “if x_condition occurs, then perform y_action.” In some embodiments,a policy set may include a list of transactions that are allowed for aparticular electronic device or payment instrument. For example, aservice provider may identify, based on a device identifier, a type ofdevice that the policy set is related to. The service provider may thencreate a custom policy set for that device based on the device’s type.For example, upon determining that a device is a water meter, theservice provider may create a policy set for the water meter that onlyallows it to conduct transactions related to water usage. In thisexample, the policy set may be stored at the service provider inrelation to the water meter (or a payment instrument associated with thewater meter) and at least a portion of the policy set may be provisionedonto the water meter.

An “electronic device,” may be any device that accomplishes its purposeelectronically. An electronic device may have multiple functions. Forexample an electronic device may have a primary function and one or moresecondary functions. A primary function may be the function that mostclosely aligns with the electronic device’s purpose. An example of anelectronic device may be a machine-to-machine device.

A “machine-to-machine device” may be any suitable electronic devicecapable of communicating with, and/or interacting with other devices. Amachine-to-machine device may have a primary function that is unrelatedto communicating with other electronic devices. For example, amachine-to-machine device may be a refrigerator that, in addition topreserving food, is capable of interacting with one or more otherelectronic devices. In some embodiments, a machine-to-machine device maybe associated with a device identifier. The device identifier may beused by a service provider to determine the type of device for aparticular machine-to-machine device. Examples of machine-to-machinedevices may include gas and electric meters, refrigerators, lamps,thermostats, printers, automobiles, fire alarms, home medical devices,home alarms, motorcycles, boats, televisions, etc.

A “payment instrument” may be any device or data used for makingpayments. The payment instrument may be intangible (e.g., a softwaremodule or software application) or it may be a physical object. Asexamples of physical objects, the payment instrument may comprise asubstrate such as a paper or plastic card, and information that isprinted, embossed, encoded, or otherwise included at or near a surfaceof an object. A physical object may also be a hardware object, which mayinclude circuitry (e.g., permanent voltage values). An intangiblepayment instrument may relate to non-permanent data stored in the memoryof a hardware device. A payment instrument may be associated with avalue such as a monetary value, a discount, or store credit, and apayment instrument may be associated with an entity such as a bank, amerchant, a payment processing network, or a person. A paymentinstrument may be used to make a payment transaction.

A “token” may include an identifier for a payment account that is asubstitute for an account identifier, such as a primary account number(PAN). For example, a token may include a series of numeric and/oralphanumeric characters that may be used as a substitute for an originalaccount identifier. For example, a token “4900 0000 0000 0001” may beused in place of a PAN “4147 0900 0000 1234.” In some embodiments, atoken may be “format preserving” and may have a numeric format thatconforms to the account identifiers used in existing payment processingnetworks (e.g., ISO 8583 financial transaction message format). In someembodiments, a token may be used in place of a PAN to initiate,authorize, settle or resolve a payment transaction or represent theoriginal credential in other systems where the original credential wouldtypically be provided. In some embodiments, a token value may begenerated such that the recovery of the original PAN or other accountidentifier from the token value may not be computationally derived.Further, in some embodiments, the token format may be configured toallow the entity receiving the token to identify it as a token andrecognize the entity that issued the token. A token may be associatedwith a policy set.

In some embodiments, a set of payment tokens may be generated based upona single user account. This might be useful if all payments made usingthose tokens are to be tied to and paid from the same account. Forexample, a user may have a credit card account number. Separate tokens(e.g., account number substitutes) may be generated for the differentdevices in the user’s home. For instance, if the user has a washingmachine, refrigerator, and a thermostat, then three different tokens maybe generated and tied to the single credit card number. Whentransactions are conducted by these devices, all of the charges may bemade to the single credit card account number.

An “authorization request message” may be an electronic message thatrequests authorization for a transaction. In some embodiments, it issent to a transaction processing computer and/or an issuer of a paymentcard to request authorization for a transaction. An authorizationrequest message according to some embodiments may comply with ISO 8583,which is a standard for systems that exchange electronic transactioninformation associated with a payment made by a user using a paymentdevice or payment account. The authorization request message may includean issuer account identifier that may be associated with a paymentdevice or payment account. An authorization request message may alsocomprise additional data elements corresponding to “identificationinformation” including, by way of example only: a service code, a CVV(card verification value), a dCVV (dynamic card verification value), aPAN (primary account number or “account number”), a payment token, auser name, an expiration date, etc. An authorization request message mayalso comprise “transaction information,” such as any informationassociated with a current transaction, such as the transaction amount,merchant identifier, merchant location, acquirer bank identificationnumber (BIN), card acceptor ID, information identifying items beingpurchased, etc., as well as any other information that may be utilizedin determining whether to identify and/or authorize a transaction.

An “authorization response message” may be a message that responds to anauthorization request. In some cases, it may be an electronic messagereply to an authorization request message generated by an issuingfinancial institution or a transaction processing computer. Theauthorization response message may include, by way of example only, oneor more of the following status indicators: Approval --transaction wasapproved; Decline -- transaction was not approved; or Call Center--response pending more information, merchant must call the toll-freeauthorization phone number. The authorization response message may alsoinclude an authorization code, which may be a code that a credit cardissuing bank returns in response to an authorization request message inan electronic message (either directly or through the transactionprocessing computer) to the merchant’s access device (e.g. POSequipment) that indicates approval of the transaction. The code mayserve as proof of authorization. As noted above, in some embodiments, atransaction processing computer may generate or forward theauthorization response message to the merchant.

A “server computer” may include a powerful computer or cluster ofcomputers. For example, the server computer can be a large mainframe, aminicomputer cluster, or a group of servers functioning as a unit. Inone example, the server computer may be a database server coupled to aWeb server. The server computer may be coupled to a database and mayinclude any hardware, software, other logic, or combination of thepreceding for servicing the requests from one or more client computers.The server computer may comprise one or more computational apparatusesand may use any of a variety of computing structures, arrangements, andcompilations for servicing the requests from one or more clientcomputers.

In at least some embodiments of the invention, a user device may beutilized to detect local machine-to-machine devices. For example, theuser device may be configured to perform a device discovery action thatidentifies all communicatively enabled electronic devices within rangeof the user device. By way of illustration, a user device may detect allelectronic devices that are connected to WiFi within range of the userdevice. Once detected, the user device may receive a selection of atleast one of the machine-to-machine devices from a user of the userdevice. In some embodiments of the disclosure, the user device mayestablish a connection with the selected machine-to-machine device andreceive information related to the machine-to-machine device. In someembodiments, an additional step of authenticating that a user owns themachine-to-machine device may be required by the machine-to-machinedevice in order to establish a connection. For example, the user may berequired to enter a password for the machine-to-machine device or pressa button located on the machine-to-machine device. Information relatedto the machine-to-machine device may be presented by the user devicewithin a graphical user interface executed from the user device. Theuser device may also establish a connection with a service providercomputer that maintains and executes provisioning activities. In someembodiments, upon selection of the machine-to-machine device by theuser, the service provider computer may send consumer information to theuser device, which may subsequently be relayed by the user device to themachine-to-machine device. In this way, the consumer information may beprovisioned onto the machine-to-machine device. The consumer informationmay include an access credential, consumer identifier, and/or policy setinformation.

In at least some embodiments, a user may connect to a service providercomputer without first connecting to a machine-to-machine device. Theuser may provide, via the graphical user interface executed on the userdevice, a device identifier, such as a device name or device location(e.g., an Internet Protocol address), to the service provider computer.In some embodiments, the user may also provide consumer information(such as payment information) to be provisioned onto the device. In someembodiments, the consumer information may be stored at the serviceprovider computer in relation to an account associated with the user.Once a device identifier has been provided to the service providercomputer, the service provider computer may locate the device using oneor more network connections and provision the device. In some cases, theuser may also provide authentication information for themachine-to-machine device to the service provider. For example, the usermay provide the service provider computer with a password to access themachine-to-machine device.

Once a machine-to-machine device has been provisioned with consumerinformation, the machine-to-machine device may perform one or moretransactions using the consumer information. For example, an electronicdevice may send a request to the machine-to-machine device for somepiece of consumer data. The machine-to-machine device may then consult apolicy set regarding distribution of the piece of consumer data. If thedistribution of the consumer data is identified by the policy set asbeing allowed, then the machine-to-machine device may respond to thereceived request with the consumer information. In another example, themachine-to-machine device may advertise the identity of the consumer asthe machine-to-machine device’s owner.

FIG. 1 depicts an example system 100 comprising a number of componentsin accordance with at least some embodiments. A user device 120, aservice provider computer 150, and one or more machine-to-machinedevices (e.g., smart refrigerator 130, water meter 132, gas meter 134,and electric meter 136) may all be in direct or indirect communicationwith one another via a network connection 130, a wireless router 140, acell tower 145, or any other suitable means of communication.

As noted above, a machine-to-machine device may be any device capable ofcommunicating with, and/or interacting with other devices. Eachmachine-to-machine device may be configured to perform one or morefunctions unrelated to the device’s ability to interact. For example,the smart refrigerator 130 (one example of the M2M or machine-to-machinedevice) may comprise both refrigeration and computing capabilities.Although the smart refrigerator 130 is primarily utilized as a means ofstoring and refrigerating food, it has secondary functions that allow itto communicate with other devices, making it a machine-to-machinedevice. The machine-to-machine device may include a device identifier,which may be provided by a manufacturer of the machine-to-machinedevice. The device identifier may serve as a communication address forthe machine-to-machine device, and it may be a secure device identifierbased on a trusted hardware root of trust (so thatintegrity/confidentiality can be protected). In some embodiments, themanufacturer may be a trusted issuer of confidentially protected deviceidentifiers.

The machine-to-machine device may include a secure execution environmentsuch as a secure memory (e.g., Smartcard based technology available inlow-power devices). In some embodiments, the secure memory may include asecure element. A secure element (SE) can be a tamper-resistant platform(typically a one chip secure microcontroller) capable of securelyhosting applications and their confidential and cryptographic data (e.g.key management) in accordance with the rules and security requirementsset forth by a set of well-identified trusted authorities.

Information provisioned by the service provider computer 150 onto themachine-to-machine device may be stored in the secure memory. Themachine-to-machine device may include secure key storage to protect dataat rest and encryption keys (i.e. a shared secret). The encryption keyscould be unique-derived keys (UDKs), which can be derived from useraccount information and other unique information. The machine-to-machinedevice may also store instructions for communicating with other devicesand/or instructions for initiating a payment transaction.

In some embodiments, the machine-to-machine device may be able tocommunicate wirelessly with the wireless router 140, the user device120, and/or the cell tower 145 (e.g., via Wifi, Bluetooth (classic andBLE or Bluetooth Low Energy), IR, GSM, etc.). Also, themachine-to-machine device may be able to access the Internet via thewireless router 140, the user device 120, and/or the cell tower 145 inorder to communicate with the service provider computer 150. Forexample, in the absence of direct connectivity (e.g., WWAN, GSM), themachine-to-machine device may connect with local devices (e.g., wirelessrouter 140, user device 120 which can act as a hotspot, etc.) and relyon the devices for Internet connectivity and communication. Accordingly,the machine-to-machine device may be remotely accessible by otherdevices, and further it may include a user interface for managementpurposes (such as card activation and provisioning of information).

In some embodiments, the communication technology used by themachine-to-machine device may depend on the type of power source used bythe machine-to-machine device. For example, if the machine-to-machinedevice has access to a regular, external power supply (e.g., as iscommon for smart refrigerators and other devices such as washer/driers,garage doors, cars, etc.) it may include a WiFi interface.Alternatively, if the machine-to-machine device relies on a batteryinstead of an external power supply, it may include a means forcommunication that consumes less power, such as low power Bluetoothinterface, a ZigBee interface, a near field communication (NFC) or radiofrequency (RF) interface, or any other suitable wireless accessinterface.

In some embodiments, the machine-to-machine device may instead be anyother device that provides a household function. As noted above, FIG. 1includes several devices such as a smart refrigerator 130, a water meter132, a gas meter 134, and an electric meter 136. However, furtherexamples of a household device include a television, lamp, fire alarm,home medical device, home alarm, washer/drier, garage door, car, and anyother suitable device.

The service provider computer 150 may be configured to provisioninformation onto the machine-to-machine device. In some embodiments, theinformation being provisioned onto the machine-to-machine device by theservice provider computer 150 may be payment information. In someembodiments, the service provider computer 150 may be associated with anissuer of a payment instrument, a payment processing network associatedwith the payment instrument, a trusted third party, a digital walletprovider, a token server computer, and/or any other suitable entity.

FIG. 2 depicts an illustrative example of a system or architecture 200in which techniques for provisioning a device with user-specificinformation may be implemented. In architecture 200, one or moreconsumers and/or users 202 may utilize user devices 204. In someexamples, the user devices 204 may be in communication with a serviceprovider 206 via the network(s) 208, or via other network connections.

Each user device 204 may include one or more processors 210 capable ofprocessing user input. The user device 204 may also include one or moreinput sensors 212 for receiving user input. As is known in the art,there are a variety of input sensors 212 capable of detecting userinput, such as accelerometers, cameras, microphones, etc. The user inputobtained by the input sensors may be from a variety of data input types,including, but not limited to, audio data, visual data, or biometricdata. Embodiments of the application on the user device 204 may bestored and executed from its memory 214.

Turning to the contents of the memory 214 in more detail, the memory 214may include a browser application 216. The memory 214 may also includean interface layer 218 that is capable of enabling user interaction withthe service provider and/or a machine-to-machine (M2M) device 220.Although sample architecture 200 depicts an interface layer 218 as beingincluded in the contents of the memory 214 of the user device 204, someembodiments may not include an interface layer 218 in memory 214 of theuser device 204. In those embodiments in which the interface layer 218is not included in memory 214, input received by the input sensors 212may instead be processed by the service provider 206. This will bedescribed in detail below.

In some embodiments, the interface layer 218 may be configured to enableuser interaction with the service provider 206 and/or one or moremachine-to-machine devices 220. For example, the interface layer 218 maybe configured to allow a user to initiate a device discover process. Inthis process, the user device 204 may identify a number ofmachine-to-machine devices 220 within its vicinity. A number of devicediscovery techniques are known in the art for performing such a devicediscovery. Once the user device 204 has identified one or moremachine-to-machine devices 220, the user may be given the ability tointeract with the discovered devices. In some embodiments, the user maybe required to authenticate that he or she has physical access to thedevice prior to being given the ability to interact with themachine-to-machine devices 220. For example, the user may be required topress a button on the device, input a password, or perform any othersuitable authentication technique. In some embodiments, the interfacelayer 218 may allow the user device 204 to communicate with both theservice provider 206 and the machine-to-machine devices 220simultaneously. In some embodiments, the service provider may provisionthe machine-to-machine devices 220 with information using the connectionestablished between the machine-to-machine devices 220 and the userdevice 204 and the connection established between the user device 204and the service provider 206. In some embodiments, the interface layer218 may allow a user to provision at least some information to themachine-to-machine devices 220 directly.

In some examples, the network(s) 208 may include any one or acombination of many different types of networks, such as cable networks,the Internet, wireless networks, cellular networks, and other privateand/or public networks. While the illustrated example represents theusers 202 accessing the service provider 206 via browser application 216over the network(s) 208, the described techniques may equally apply ininstances where the users 202 interact with a service provider 206 viathe user device 204 over a landline phone, via a kiosk, or in any othermanner. It is also noted that the described techniques may apply inother client/server arrangements (e.g., set-top boxes, etc.), as well asin non-client/server arrangements (e.g., locally stored applications,peer to-peer systems, etc.).

As described briefly above, the browser application 216 may allow theusers 202 to interact with a service provider computer 206, such as tostore, access, and/or manage data, develop and/or deploy computerapplications, and/or interact with web content. The one or more serviceprovider computers 206, perhaps arranged in a cluster of servers or as aserver farm, may be configured to host a website (or combination ofwebsites) viewable via the user device 204 or a web browser accessibleby a user device 204 via the browser application 216. Although depictedin memory of the user device 204 in this example, in some embodimentsthe browser application 216 may be hosted at a server. For example, theuser device 204 may be a thin client device capable of accessing abrowser application 216 remotely. The browser application 216 may becapable of handling requests from many users 202 and serving, inresponse, various user interfaces that can be rendered at the userdevice 204 such as, but not limited to, a web site. The browserapplication 216 may be any type of application or interface thatsupports user interaction with a website, including those with userinteraction, such as social networking sites, electronic retailers,informational sites, blog sites, search engine sites, news andentertainment sites, and so forth. As discussed above, the describedtechniques can similarly be implemented outside of the browserapplication 216, such as with other applications running on the userdevice 204. In some embodiments, the browser application 216 may be theinterface layer 218.

In one illustrative configuration, the service provider computer 206 mayinclude at least one memory 222 and one or more processing units (orprocessor(s)) 222. The processor(s) 222 may be implemented asappropriate in hardware, computer-executable instructions, firmware orcombinations thereof. Computer-executable instructions or firmwareimplementations of the processor(s) 222 may include computer-executableor machine executable instructions written in any suitable programminglanguage to perform the various functions described.

The memory 222 may store program instructions that are loadable andexecutable on the processor(s) 222, as well as data generated during theexecution of these programs. Depending on the configuration and type ofservice provider computer 206, the memory 222 may be volatile (such asrandom access memory (RAM)) and/or non-volatile (such as read-onlymemory (ROM), flash memory, etc.). The service provider computer 206 mayalso include additional storage 226, such as either removable storage ornon-removable storage including, but not limited to, magnetic storage,optical disks, and/or tape storage. The disk drives and their associatedcomputer-readable media may provide non-volatile storage ofcomputer-readable instructions, data structures, program modules, andother data for the computing devices. In some implementations, thememory 222 may include multiple different types of memory, such asstatic random access memory (SRAM), dynamic random access memory (DRAM)or ROM. Turning to the contents of the memory 222 in more detail, thememory 222 may include an operating system 228 and one or moreapplication programs or services for implementing the features disclosedherein including at least a module for generating payment tokens and/orprovisioning information (e.g., payment tokens and payment rules) onto amachine-to-machine device 220 (service layer 230). The memory 222 mayalso include provisioning data 232, which provides provisioning rulesfor each device as well as token information. In some embodiments, theprovisioning data 232 may be stored in a database.

The memory 222 and the additional storage 226, both removable andnon-removable, are examples of computer-readable storage media. Forexample, computer-readable storage media may include volatile ornon-volatile, removable or non-removable media implemented in any methodor technology for storage of information such as computer-readableinstructions, data structures, program modules or other data. As usedherein, modules may refer to programming modules executed by computingsystems (e.g., processors) that are part of the user device 204 or theservice provider 206. The service provider computer 206 may also containcommunications connection(s) 234 that allow the service providercomputer 206 to communicate with a stored database, another computingdevice or server, user terminals, and/or other devices on the network(s)208. The service provider computer 206 may also include input/output(I/O) device(s) and/or ports 236, such as for enabling connection with akeyboard, a mouse, a pen, a voice input device, a touch input device, adisplay, speakers, a printer, etc.

Turning to the contents of the memory 222 in more detail, the memory 222may include an operating system 228, a database containing provisioningdata 232 and the one or more application programs or services forimplementing the features disclosed herein, including a service layer230.

In some embodiments, the service layer 230 may be configured to receivedata from the interface layer 218 and provision the machine-to-machinedevice 220. In a first illustrative example, a user 202 may send, viathe user device 204 and a connection over network 208, an instruction tothe service layer 230 to associate a particular machine-to-machinedevice 220 with the user. In this example, the user may provide a deviceidentifier associated with the machine-to-machine device 220 to theservice layer 230. The user may also provide an indication of a paymentinstrument with which to associate the machine-to-machine device 220. Inthis example, the service layer 230 may utilize network connection 208to identify a machine-to-machine device 220 matching the deviceidentifier. Once identified, the service layer 230 may provision thedevice with information related to the user or the user’s account withthe service provider. In a second illustrative example, the user 202 mayconnect to, via a user device 204 and a connection over network 208, themachine-to-machine device 220 and the service layer 230 simultaneously.In this example, the service layer 230 may provision themachine-to-machine device 220 with information using the connectionbetween the service provider and the user device and the connectionbetween the user device and the machine-to-machine device 220.

Provisioning data 230 may be predetermined or it may be dynamicallygenerated. For example, the service provider computer 206 may generate apayment token upon receiving a request to provision a particular device.In this example, the generated token may be stored at the serviceprovider in provisioning data 230 as well as being provisioned to themachine-to-machine device 220. In addition, a rule set may be generatedthat is specific to a user and a device. For example, the user may electa particular brand of dish detergent that he or she prefers. In thisexample, the user may also elect to provision a smart dishwasher. Theservice provider may then generate a payment token for the dishwasher touse that is associated with a payment device owned by the user, as wellas a set of rules to be associated with the payment token. The rules mayindicate that the payment token may only be used to purchase dishdetergent, and may even indicate that the payment token may only be usedto purchase the specified brand of dish detergent.

A machine-to-machine device 220 may be any device capable ofcommunicating with, and/or interacting with other devices, but isconfigured to perform a primary function unrelated to communicating withother devices. In some embodiments, the machine-to-machine device 220may be a device used to monitor resource consumption. For example, themachine-to-machine device 220 may include a number of input sensorscapable of detecting an amount of resource being consumed. By way ofillustration, the machine-to-machine device 220 may be a water meter,gas meter, electricity meter, or other utility monitoring device. Insome embodiments, the machine-to-machine device 220 may be a deviceconfigured to dispense a product or perform a service. For example, themachine-to-machine device 220 may be a vending machine or a clothingwashing machine.

A machine-to-machine device 220 may include memory and one or moreprocessors for storing and executing programmatic instructions. Themachine-to-machine device 220 may include a device layer 238 configuredto enable interaction between the service layer 230 of the serviceprovider 206 and the programmatic instructions stored on themachine-to-machine device 220. The device layer 238 may include a secureexecution environment such as a secure memory (e.g., smartcard-basedtechnology available in low-power devices). In some embodiments, themachine-to-machine device 220 may also include a secure storage 240(e.g., secure key storage) and one or more policy sets 242. Policy set242 may include instructions for communicating with other devices, rulesindicating what transactions are allowed, instructions for initiating apayment transaction and/or any other suitable information. The policyset may also include a set of conditional instructions for determiningan action to be taken by the machine-to-machine device 220 and underwhat conditions the action should be taken. By way of illustrativeexample, a machine-to-machine device 220 may be provisioned with paymenttoken information, a policy restricting use of the provided paymenttoken, and a policy conditioning a payment upon an event. In thisexample, the machine-to-machine device 220 would, upon detection of theevent, execute a payment transaction in accordance with the restrictiveuse policy.

FIG. 3 depicts an illustrative example service layer data flow inaccordance with at least some embodiments. In FIG. 3 , service layer 230is depicted as being an example service layer 230 of FIG. 2 . Servicelayer 230 may include a device identification module 302 configured toidentify a machine-to-machine device to be provisioned and establish acommunication session with the device. In the device identificationmodule 302, a request processor 304 may receive a request from a userdevice to provision a machine-to-machine device. The request processor304 may have access to account information database 306. Accountinformation database 306 may include various user information related toa user account. For example, the account information database 306 mayinclude a user’s demographic information, payment information, deviceinformation, or any other suitable user-related information.

Device identification module 302 may also establish a communicationsession with a machine-to-machine device via one or more communicationchannels 308. In some embodiments, the user device may be in directcommunication with the machine-to-machine device to be provisioned. Theservice provider computer may identify the machine-to-machine device andmay establish a communication session with the machine-to-machine devicevia the user device. In some embodiments, the service provider computermay receive a device identifier, such as a device name or devicelocation (e.g., an Internet Protocol address) from the user device. Theservice provider may identify the machine-to-machine device on a networkbased at least in part on the provided device identifier. In someembodiments, the service provider computer may ascertain the type ofmachine-to-machine device upon, or prior to, establishing a connectionwith the device. For example, a service provider may determine that themachine-to-machine device is a water meter based on the deviceidentifier supplied to it.

In accordance with at least some embodiments, the service layer 230 mayinclude a policy set 310. Policy set 310 may include rules 312 thatcomprise at least one or more of device rules 314 and authorizationrules 316. Device rules 314 may include rules related to transactionsthat are authorized for a particular device. For example, a device rulerelated to a water meter may indicate that the device is only able toperform transactions related to water usage. In another example, adevice rule associated with a smart refrigerator may indicate that therefrigerator is only able to perform transactions related to acquisitionof food. In some embodiments, the device rules 314 may include anindication of what electronic devices and/or merchants that device isable to interact with. In some embodiments, the device rules may berules that are provisioned onto a machine-to-machine device itself.

Authorization rules 316 may include indications of what is authorizedfor a particular device or payment instrument. In some cases, theauthorization rules may be based on user indicated preferences. Forexample, the user may create an authorization rule to associate the useof a particular payment instrument with a machine-to-machine device. Inthis example, even if the device is provisioned with multiple tokensassociated with multiple payment instruments, only a transactionassociated with the particular payment instrument will be authorized.The authorization rules may also include rules related to authorizationof transactions. For example, the authorization rules may indicate thata payment for water usage made by a water meter should only beauthorized once every two months. In this example, if the serviceprovider computer receives a request to complete a transaction a secondtime in a two-month period, the service provider may decline the requestaccording to the authorization rules 316. In some embodiments, theauthorization rules 316 may include an indication that a particulartransaction type (e.g., transactions for more than a threshold value,transactions with a particular vendor, or any other suitable transactiontype) must be approved by the user. In this scenario, the user may becontacted via the user device for approval. For example, the serviceprovider computer may send a short messaging service (SMS) message tothe user device requesting authorization for the transaction. In thisexample, the transaction may be authorized upon receiving a responsefrom the user device indicating that the transaction is authorized.

A service layer 230 may include a provisioning module 318 configured togenerate configuration information and send it to the machine-to-machinedevice to be stored thereon. In some embodiments, the provisioningmodule 318 may include a token generator 320 configured to generate anaccess credential to be stored on the machine-to-machine device. In someembodiments, the provisioning module 318 may include a device database322 for storing device information. In device database 322, a deviceidentifier provided by a user may be associated with that user. Inaddition, device database 322 may include a type of device associatedwith each device identifier. In some embodiments, the device database322 may include rules for generating a token that is device specific. Insome embodiments, a relationship may be stored with regard to a tokengenerated and the machine-to-machine device on which it is provisioned.

Token generator 320 may generate a token configured to allow access toone or more aspects of a user’s account with the service provider. Forexample, a token may be generated for a particular machine-to-machinedevice in order to allow it to use payment information in transactionsthat it performs without exposing the actual payment information to athird party. In this example, the token may be provided to a third partyby the machine-to-machine device in response to receiving a request tomake a payment. The third party may subsequently present the token tothe service provider to gain authorization for the release of fundsrelated to the transaction. The service provider may determine whetherthe token received from the third party is authentic, whether thetransaction is in compliance with policies associated with theoriginating machine-to-machine device, whether the funds for a paymentinstrument associated with the token are sufficient, and/or any othersuitable prerequisites for authorization have been met. Token generator320 may be responsible for the ongoing operation and maintenance of atoken vault storing the generated tokens and a mapping between thetokens and account information and/or payment information associatedwith the tokens. The token generator may be responsible for tokengeneration and issuance, as well as application of security and controlsto the generated tokens. The token generator 320 may register a userdevice that requests a token and provision the generated token onto theuser device and/or a machine-to-machine device.

In some embodiments, multiple tokens may be generated for a singlepayment instrument. The token generator 320 may access the devicedatabase 322 to identify any device specific token generation rules. Insome embodiments, a token may be generated such that the source of thetoken may be ascertained. In other words, a token may be generated for amachine-to-machine device such that the device (or type of device) maybe easily identified from the format or characters of the token. By wayof illustration, a token created for a water meter device may begin withthe characters WAT. This may allow for a service provider to immediatelydecline a transaction for water usage in which a provided payment tokendoes not begin with the characters WAT. In some embodiments, the paymentinstrument information may not be ascertainable from the token. Forexample, the token may be generated based on a random number. Therelationship between these tokens and the machine-to-machine device thatthey are provisioned on may be stored in device database 322. In someembodiments, the token may include information for a payment instrumentthat has been encrypted. For example, a token may be generated byencrypting a device identifier and user account number with anencryption key. In some embodiments, the encryption key may be based onthe type of machine-to-machine device for which the token is beinggenerated.

In embodiments of the invention, tokens may also be generated at anysuitable interval. For example, in some embodiments, tokens may begenerated and provisioned onto machine-to-machine devices only once, forevery transaction, or for each set of a predetermined number oftransactions. In some embodiments, a cryptogram may be accompany eachtoken when a payment transaction is attempted by a machine-to-machinedevice that stores the token. The cryptogram may be generated by anencryption key (e.g., a limited use key) that is stored on themachine-to-machine device with the token.

The provisioning module 318 may be configured to provide the generatedtoken and one or more rules 312 to the machine-to-machine device, to beused in future transactions via the communication channel 308. In someembodiments, the provisioning module 318 may store a relationshipbetween the token and the machine-to-machine device in a separate datastore 324. Subsequently, the service provider may receive a request toauthorize a transaction from a third party. The request may includeinformation related to the transaction and the payment token. In somecases, the request may also include the device identifier for themachine-to-machine device that provided the token. In the describedscenario, the service provider may check to make sure that the token isassociated with the device identifier. Upon determining that therelationship exists, the service provider may determine whether thetransaction is in compliance with any rules associated with the deviceidentifier before authorizing the transaction.

In some cases, a dynamic card verification value (dCVV) can be used. ThedCVV may be generated based on a counter that changes after everytransaction. For example, a machine-to-machine device and the serviceprovider may independently track the number of transactions performed bythe machine-to-machine device. When the machine-to-machine deviceinitiates a transaction, a dCVV may be generated based on the trackednumber of transactions. In some embodiments, the dCVV may be generatedbased on a time at which the transaction is initiated. The rules forgenerating a dCVV may be provided in a policy set that is provisionedonto the machine-to-machine device.

FIG. 4 depicts a process flow diagram illustrating an example techniquefor provisioning a device with relevant information in accordance withat least some embodiments. The process 400 is illustrated as a logicalflow diagram, each operation of which represents a sequence ofoperations that can be implemented in hardware, computer instructions,or a combination thereof. In the context of computer instructions, theoperations represent computer-executable instructions stored on one ormore computer-readable storage media that, when executed by one or moreprocessors, perform the recited operations. Generally,computer-executable instructions include routines, programs, objects,components, data structures, and the like that perform particularfunctions or implement particular data types. The order in which theoperations are described is not intended to be construed as alimitation, and any number of the described operations can be omitted orcombined in any order and/or in parallel to implement this process andany other processes described herein.

In accordance with one embodiment, the process 400 of FIG. 4 may beperformed by at least the one or more computer systems of the interfacelayer 218, the service layer 230, and the device layer 238 shown in FIG.2 . The code may be stored on a computer-readable storage medium, forexample, in the form of a computer program including a plurality ofinstructions executable by one or more processors. The computer-readablestorage medium may be non-transitory.

Process 400 may begin at 402, when a number of devices are discovered byan interface layer 218 of a user device via a discovery process. In someembodiments, the interface layer 218 may be implemented on one or moreof the user computers 120 depicted in FIG. 1 . In this process, multiplemachine-to-machine devices having wireless connectivity may beidentified as being within the vicinity of the user device. Theinterface layer 218 may then request a connection to a device layer 238of a selected machine-to-machine device at 404. In some embodiments, theuser device may connect to a machine-to-machine device using the samewireless capability that it used to discover the device. In someembodiments, a user device may utilize an alternative means ofconnecting to a machine-to-machine device. For example, the user devicemay connect to a machine-to-machine device via an infrared connection orit may be connected physically via a cable.

In some cases, the device layer 238 (which, in some embodiments may beimplemented in one or more of the machine-to-machine devices 130, 132,134, and 136 depicted in FIG. 1 ) may require that the user provideadditional assurance that the user is the owner of the selectedmachine-to-machine device before allowing the connection at 406. Forexample, the device layer 238 may require that the user enter a passwordor press a button physically located on the machine-to-machine device todemonstrate physical possession of the machine-to-machine device. Oncethe user is confirmed as having authorization to access themachine-to-machine device, the device layer 238 may allow the interfacelayer 218 of the user device to establish a connection at 408.

The interface layer 218 may also establish a connection to the servicelayer 230 of a service provider computer at 410. In some embodiments,the service layer 230 may be implemented on the service provider 150depicted in FIG. 1 . The service layer 230 may subsequently identify theuser and the machine-to-machine device to be provisioned in order toregister the machine-to-machine device as being associated with theuser. The service layer 230 may determine the identity of the user in anumber of ways. In one example, the user may be required to log into anaccount maintained at the service provider computer. The account mayinclude details indicating the user’s identity. In another example, theservice provider may determine an identity of the user based onreceiving, in the connection request, an identifier related to the userdevice (e.g., an Internet Protocol address, a telephone number, a serialnumber, etc.). The machine-to-machine device may be identified from adevice identifier relayed from the device layer 238 to the service layer230 via the interface layer 218. In some cases, the user device mayalready have been registered with the service provider. The registrationinformation for the device may then be used to identify the user. Inother cases, the service provider may utilize a lookup service, such asan Internet Protocol address lookup or caller identification. Once theuser’s identity and the device identifier have been determined, theservice layer may create an association between the two at 412. Forexample, the service layer 230 may store information in a database thatindicates the device identifier is associated with the user.

Once the machine-to-machine device has been associated with the user,the service layer 230 may identify one or more policies relevant to themachine-to-machine device at 414. One or more policies may be configuredby a user via interface layer 218. For example, the user may indicate amaximum purchase amount over a period of time (e.g., one week) for themachine-to-machine device. It may also indicate what types of goods orservices may be purchased by the machine-to-machine device. In anotherexample, the user may be notified when certain transactions are made orwhen one or more transactions involves a purchase exceeding apredetermined threshold. In some embodiments, a policy may only permitthe machine-to-machine device to conduct transactions for certainresource types (e.g., digital or physical), for a certain amount, withcertain merchants, and/or at certain times. For example, a smartrefrigerator may only be allowed to purchase groceries. Further, thesmart refrigerator may only be allowed to purchase groceries previouslyspecified by the user, groceries that are currently inside therefrigerator, groceries that are running low, and/or groceries fromstores located in a certain region. Some policies may specify when toalert the user about transactions and other events. For example, amessage (e.g., email, SMS, phone call, etc.) may be sent to the userdevice any time the machine-to-machine device makes a purchase or pays abill. In some embodiments, a transaction may not be allowed to takeplace unless the user indicates approval of the transaction (e.g., byreplying to the message above).

In some embodiments, the user may only be informed if a transaction isattempted that relates to an amount that exceeds or is below adetermined threshold. Additionally, a policy may specify what devices(such as the user device) can access the device layer 238 and changesettings/policies on the device layer 238.

In some embodiments, a policy may also provide an encryption mechanism.For example, the service provider may maintain an encryption key pairingwith respect to a device type. In this example, the service provider mayprovision the device with one key of the key pairing to be used by thedevice to encrypt transaction information. Further, access mechanismsand a password may be configured, and policies can be set regardingexpired payment information (e.g., how to obtain new paymentinformation).

In some embodiments, at least some of the policies identified as beingrelevant at 414 may be provisioned onto the machine-to-machine device.To do this, the policies may be transmitted to the interface layer 218of the user device and further relayed to the device layer 238 by theuser device at 416. The device layer 238 may subsequently store thereceived policies in a memory of the machine-to-machine device at 418.If the machine-to-machine device receives a request to complete atransaction, it may consult the stored policy information to determineif the transaction is authorized.

In some embodiments, the service provider computer may generate a tokenor other access credential to be associated with the machine-to-machinedevice at 420. In some embodiments, when the service provider issues atoken for a primary account number or payment instrument associated withan account, the account holder (user) may be asked to participate in theidentification and verification process during token generation. Forexample, the user may be asked to provide identification information toensure that the token is being generated for an account rightfully ownedby the user. By way of illustration, the user may be asked to log intoan account associated with the user by providing a username andpassword. In some embodiments, the user may already be associated withaccount information to be used in generating the token. For example,information stored in a user’s account, such as payment information or aprimary account number, may be used to generate the token. In someembodiments, the user may provide information to the service providerwith which to generate a token. For example, the user may provide, viathe interface layer 218, a credit card number to be associated with thegenerated token. In some embodiments, tokens that are generated by theservice layer 230 may be accompanied by a token expiration date. Thetoken expiration date may meet the format of a primary account numberexpiration date and may be the same date or different date than that ofthe actual primary account number. In various embodiments, tokens thatare generated in response to a token request from the user device areonly valid for transactions related to the primary function of thedevice for which the token has been issued. In some embodiments, theservice provider may generate a token assurance level to be provisionedonto a machine-to-machine device with the token. One technique for doingthis is described in U.S. Pat. Application number 14/514,290, to Powellet al., which is herein incorporated by reference.

Once the token or other access credential has been generated, it may beprovisioned onto the machine-to-machine device at 422. To do this, theaccess credential may be transmitted to the interface layer 218 of theuser device and further relayed to the device layer 238 by the userdevice at 424. The device layer 238 may subsequently store the receivedaccess credential in a memory of the machine-to-machine device at 426.Once fully provisioned with the access credential and any relevantpolicies, the machine-to-machine device may initiate, or respond to arequest for, a transaction with at least one other electronic device.

Although the above description provides that the interface layer 218 maybe present on a user device separate from the machine-to-machine device,it should be noted that, in at least some embodiments, the interfacelayer 218 may reside on the machine-to-machine device itself. Forexample, a machine-to-machine device may include a display and one ormore input devices configured to receive user input. In theseembodiments, the user may request provisioning of the machine-to-machinedevice as described in the current specification from themachine-to-machine device.

In some embodiments, the service provider may receive an indication thatthe access credentials associated with a user’s account have changed orare otherwise not valid. For example, the service provider may determinethat the user’s payment information has expired. In these cases, theuser may be required to provide new payment information. For example,the user may be required to update his or her account with a new creditcard number. Upon determining that the payment information has beenupdated, the service provider may generate a second access credential tobe associated with the new payment information. For example, uponreceiving updated credit card information, the service provider maygenerate a second token to be associated with the new credit cardinformation. In some embodiments, the second access credential may beprovisioned onto the machine-to-machine device without further userinteraction. For example, upon generation of a new access credential tobe associated with a machine-to-machine device, the service provider mayexecute 422 -426 of the process 400 in order to provision the new accesscredential onto the machine-to-machine device.

FIG. 5 depicts a flow diagram illustrating an automated payment processin accordance with some embodiments of the invention. In FIG. 5 , afirst electronic device 502, which may be a machine-to-machine device,determines that a transaction should be conducted with respect to aresource (e.g., that a resource needs to be obtained). Thisdetermination may be made without human intervention. For example, thefirst electronic device may utilize a set of rules that dictate underwhat circumstances the resource should be obtained. The first electronicdevice may establish a communication session with a second electronicdevice 504 owned/operated by a resource manager at 506. For purposes ofillustration, the first electronic device 502 may be a smartrefrigerator, while the second electronic device 504 may be a servercomputer that is operated by a merchant such as a grocery store.

In a first example, the first electronic device may include a policythat indicates a payment for resource usage should be made on the firstof each month. In this example, the first electronic device, upondetermining that a date/time condition in the policies has been met, mayinitiate contact with the second electronic device to request atransaction. In a second example, the first electronic device 502 mayestablish a communication session with the second electronic device 504upon detecting the presence of the second electronic device. The firstelectronic device may communicate, via the communication session, anamount of a resource that it requires. The second electronic device mayconsult a rate chart and/or an item catalog to determine an appropriatereimbursement for the requested amount of the resource. In someembodiments, the second electronic device may also provide a shippingcost to the first electronic device. If the transaction details (amountof the resource, proposed reimbursement, shipping costs, etc.) are incompliance with policies stored on the first electronic device, then atransaction authorization request may be initiated from either the firstelectronic device or the second electronic device.

For purposes of illustration, the first electronic device 502 may be asmart refrigerator, while the second electronic device 504 may be aserver computer that is operated by a merchant such as a grocery store.The first electronic device may determine (through internal sensors)that it is low on eggs and milk. Upon this determination, the firstelectronic device may contact the second electronic device operated by agrocery store. When contacting the grocery store, the first electronicdevice 502 may provide a payment token to the second electronic device504, and the grocery store may conduct the payment transaction asfurther explained below. After the payment process has concluded, thegrocery store may then automatically send the milk and eggs to thehousehold that has the first electronic device. All of this may beperformed without any user intervention.

In some embodiments, the transaction authorization request message maybe initiated by the first electronic device 502 by sending thetransaction details and payment information to an acquirer computer 508at 510. The acquirer computer 508 receives the transaction details andpayment information and determines an appropriate payment entity toroute an authorization request message to. In some embodiments, theformat and/or characters of the payment information may be used toindicate the payment entity. For example, a payment information numberbeginning with 4012 may be associated with a payment processing networksuch as Visanet. In some embodiments, the acquirer computer maydetermine that the payment information is associated with a token. Tokeninformation may be maintained by token service provider. A token serviceprovider may be an entity, not necessarily associated with the actualpayment entity, that stores and maintains relationships between tokensand actual account numbers used for payment. The token service providermay operate one or more computers, as well as the service layer 230depicted in FIGS. 2 - 4 .

Once the acquirer computer 510 has determined where an authorizationrequest is to be routed, the acquirer computer may transmit theauthorization request message to the appropriate payment entity at 512.If the payment information comprises a token, then the authorizationrequest message may be routed to a token service provider 514 at 512.The token service provider may be provided in a transaction processingnetwork. An exemplary transaction processing network may includeVisaNet™. Transaction processing networks such as VisaNet™ are able toprocess credit card transactions, debit card transactions, and othertypes of commercial transactions. VisaNet™, in particular, includes aVIP system (Visa Integrated Payments system) which processesauthorization requests and a Base II system which performs clearing andsettlement services. The transaction processing network may use anysuitable wired or wireless network, including the Internet.

The token service provider 514 may query a token vault (a data storeconfigured to store associations between tokens and actual paymentinformation) to retrieve actual payment account information details. Inthis way, the token service provider 514 de-tokenizes the payment tokento obtain an actual primary account number or PAN at 516. In someembodiments, the token service provider 514 may perform one or moremathematical calculations to identify actual payment account informationfrom the token, or it may simply retrieve the actual payment accountinformation. The token service provider 514 may then forward theauthorization request message, along with the actual payment accountinformation, to the authorization computer 518 operated by the paymententity (which may be an issuer) at 520. In some embodiments, theauthorization request message may also include the token so that theauthorization entity is able to associate the token with theauthorization request.

The authorization computer 518 receives the authorization requestmessage at 520 and determines if the transaction should be authorized.For example, the authorization computer may decline the transaction ifthere is a high likelihood of fraud. In another example, theauthorization computer may decline the transaction if the paymentaccount has insufficient funds. Once the authorization computer hasdecided whether to approve or decline the transaction, an authorizationresponse message may be sent to the token service provider at 522.

The token service provider 514, upon receiving the authorizationresponse message, may re-tokenize the message at 524 by querying thetoken vault to identify the token from the actual payment accountinformation included in the authorization response message. The tokenservice provider may then remove any actual payment account informationout of the response and replace it with the token payment information.The authorization response message comprising the payment token may thenbe provided to the acquirer computer at 526.

The acquirer computer may, upon receiving the response, determinewhether the transaction has been approved or declined. In either case,the authorization response message may be provided to the secondelectronic device at 528 and/or the first electronic device at 530. Ifthe transaction has been authorized, the first electronic device maycomplete the transaction with the second electronic device. Thecompletion of the transaction may be conducted without humanintervention. For example, the transaction may be conducted withoutacquiring authorization from a user or otherwise requiring action on auser’s behalf.

At some later point in time, a clearing and settlement process betweenthe acquirer computer 510 and the authorization computer 518 may occur,and funds may be transferred from the authorization computer to theacquirer computer.

It should be noted that although the second electronic device isdepicted as being a separate device from the acquirer computer, the twodevices may be the same device. For example, the first electronic devicemay contact the acquirer computer directly to request an amount of aresource. Additionally, the token service provider and authorizationcomputer may be maintained by the same entity. For example, both thetoken service provider and the authorization computer may be maintainedand operated by a credit card issuer. In some embodiments, the paymentinformation may not be tokenized (though it might still be encrypted).In these embodiments, one skilled in the art would recognize that figurereferences 508, 514, and 524 are not necessary to the disclosure.Additionally, the acquirer computer may communicate with theauthorization computer directly.

FIG. 6 depicts the use of a collection device to interact with aprovisioned machine-to-machine device in accordance with at least someembodiments. In some embodiments, a machine-to-machine device may beconnected to a network. Machine-to-machine devices that are connected toa network may contact a resource manager directly in order to conduct atransaction. For example, an electric meter in communication with aserver operated by the local utility company may contact the serverdirectly to make a payment for electricity usage in accordance with atleast some embodiments. However, if the machine-to-machine device is notconnected to a network, then a transaction needs to be conducted in adifferent manner. One such technique is illustrated by FIG. 6 , in whicha collection device 602 may enter the proximity of one or moremachine-to-machine devices 604. The collection device 602 may be anyelectronic device operated by, or with authority from, a resourcemanager. For example, the collection device 602 may be a meter readerconfigured to communicate with an electric meter to collect electricityusage information on behalf of a local utility company. In someembodiments, the collection device may be in communication with abackend server or other electronic device. For example, a collectiondevice may have a connection to a wireless network (e.g., 3G, 4G orsimilar networks) to a server hosted by the resource manager.

The collection device 602 may be configured to perform one or more stepsof a collection process 606. In this example, the collection device 602,upon entering a geographic location or in response to a request by auser of the collection device, may attempt to discover localmachine-to-machine devices at 608. Once discovered, the collectiondevice may initiate a rule comparison. In some embodiments, thecollection device 602 may send a discovered machine-to-machine device anindication of a type of transaction to be performed. Themachine-to-machine device 604 may then compare the transaction type to astored policy to determine whether the transaction type is one that themachine-to-machine device is authorized to perform. If themachine-to-machine device 604 is authorized to perform the transaction,then it may transmit a response to the collection device 602. In someembodiments, the machine-to-machine device 604 may publish a type oftransaction that it is authorized to perform. For example, the electricmeter mentioned above may publish that it is able to pay for electricityusage. In this example, a meter reader (collection device 602) maydetect the electric meter (machine-to-machine device 604) and identifythat it is capable of performing transactions related to electricityusage. In this example, the meter reader may compare the publishedtransaction type to a policy stored on the meter reader to determinethat a transaction should be performed at 610.

Once the machine-to-machine device 604 and the collection device 602have determined that a transaction is authorized, the two electronicdevices may conduct a transaction. This may involve the collectiondevice collecting transaction information from the machine-to-machinedevice at 612. The collection device 602 may collect resourceinformation from the machine-to-machine device. For example, thecollection device may collect information related to an amount ofresource used or an amount of resource needed. Either the collectiondevice 602 or the machine-to-machine device 604 may then calculate anappropriate reimbursement for the resource. If the transaction is incompliance with the policies stored on the machine-to-machine device604, then the collection device 602 may collect an access credential orpayment information from the machine-to-machine device at 612. In someembodiments, the collection device 602 may send credential informationto the machine-to-machine device 604 to validate that the collectiondevice 602 is authorized to collect the payment information.

Upon receiving the credential information from the machine-to-machinedevice, the collection device may contact the service provider or anauthorization server to request release of a payment in accordance withthe transaction at 614. (e.g., in a manner similar to or different thanthe flow in FIG. 5 ). The service provider may authorize the paymentupon validating the payment information or access credential andensuring that the transaction is in compliance with policies stored atthe service provider. In some embodiments, the collection device 602 maynot have communication access to the service provider. The collectiondevice 602 may store the transaction information until it is able torequest authorization for the transaction. It should be noted thatalthough the collection device 602 is described as requestingauthorization for a transaction, the collection device 602 may providethe transaction information to a server maintained by the resourcemanager, and the resource manager may contact the service provider toget authorization for the transaction.

By way of illustration, an example machine-to-machine device may be arefrigerator that is authorized to purchase groceries. In this example,the machine-to-machine device may have stored in memory a grocery list(a list of items that are to be purchased) as well as one or morepolicies. At least some of the policies may indicate a maximum amountthat may be spent on a particular item. In this example, a mobilegrocery vendor may enter the vicinity of the refrigerator and, using acollection device, determine that the refrigerator is in need of the oneor more items from the grocery list. The refrigerator may provide thegrocery list to the collection device and the collection device mayconsult an item catalog to determine prices for each of the items on thelist. The collection device may then provide the determined prices tothe refrigerator. In some embodiments, the refrigerator may subsequentlydetermine whether the price for each grocery item involved in thetransaction is in compliance with the policies, and remove any groceryitem from the transaction that is not. In some embodiments, a policy mayindicate a maximum amount to spend on a total order. Upon determiningthat the transaction is in compliance with the policies, the transactionis completed. The mobile grocery vendor may leave the requestedgroceries on the doorstep of the house containing the refrigerator. Thecollection device collects payment information from the refrigerator andsends an authorization request to the service provider to gain access topayment information.

In some embodiments, a token may be generated for a particular type ofmachine-to-machine device without having been provided a deviceidentifier. The token may be stored on a user device for future use. Forexample, a user may request generation of a token related to parkingmeters. In this example, the service provider computer may generate atoken to be stored on the user device that is associated with the user’spayment information and will allow parking meters to conducttransactions. The user may subsequently utilize the user device toperform a transaction with a parking meter. For example, the user mayutilize the user device to interact with a parking meter and requestparking. The user device may then provision the payment token onto theparking meter. In this example, the parking meter may be configured todetect the presence of a vehicle and may continue to toll the providedpayment token for as long as the vehicle is present. In another example,the user may elect a timeframe from the parking meter for which to bebilled.

In accordance with at least some embodiments, a machine-to-machinedevice may maintain a “tab” or balance for a particular user. Forexample, in a scenario in which a vending machine with wirelesscapabilities (a machine-to-machine device) is placed outside of networkcoverage, the vending machine may be configured to collect tokens fromone or more user devices in exchange for vended products. In thisscenario, the user device may, in response to receiving a request forpayment, provide the vending machine with a pre-generated token. Thevending machine may check the format and/or content of the providedtoken in order to assess whether the token is likely to be valid. If thevending machine determines that the token is likely valid, then it maystore the token in relation to a balance owed for the user device anddispense a requested good. A collection agent may enter the proximity ofthe vending machine with a collection device at a subsequent time, atwhich point the vending machine may provide any stored payment tokensand balances to the collection device. In some embodiments, thecollection device may contact the service provider for authorization ofthe previously conducted transactions upon re-entering network coverage.After transmitting the information to the collection device, the vendingmachine may continue to maintain the token, but with a zeroed balance,or it may delete the payment token and balance.

Some machine-to-machine devices may be associated with a single user andsome machine-to-machine devices may be associated with multiple users.For example, a machine-to-machine device may include provisionedinformation related to multiple users that consume a single resource. Inthis example, the machine-to-machine device may enter into a transactionrelated to the resource for each user either individually or within asingle transaction. By way of illustration, a household may consist ofthree roommates that each split utility payments equally. In thisillustration, the water meter may be provisioned with payment instrumentinformation for each of the three roommates. Upon receiving a request tomake a payment for water usage, the water meter may present each of thethree payment instruments to each be charged for a third of the waterusage. In this illustration, payment instrument information for each ofthe three roommates may be stored on the machine-to-machine device andthe service provider computer may store an indication that all threeroommates are associated with the water meter.

Additionally, a machine-to-machine device may be provisionedtemporarily. By way of illustration, consider a scenario in which a userrents a vehicle. The vehicle may be provisioned with the user’s paymentinformation for the duration of the rental. The rental vehicle may be amachine-to-machine device in that as the rental vehicle passes a tollbooth, the vehicle may be configured to interact with an electronicdevice within the toll booth to pay a fee for using the road. In thisscenario, the toll may be charged directly to the user’s paymentinformation instead of to the vehicle rental company. Upon the return ofthe vehicle to the rental company, the provisioned payment informationmay be removed from the vehicle. This limits risk of nonpayment for thevehicle rental company and prevents the user from paying toll fees thathave been marked up by the vehicle rental company.

In accordance with at least some embodiments, the system, apparatus,methods, processes and/or operations for event processing may be whollyor partially implemented in the form of a set of instructions executedby one or more programmed computer processors such as a centralprocessing unit (CPU) or microprocessor. Such processors may beincorporated in an apparatus, server, client or other computing deviceoperated by, or in communication with, other components of the system.As an example, FIG. 7 depicts aspects of elements that may be present ina computer device and/or system 700 configured to implement a methodand/or process in accordance with some embodiments of the presentinvention. The subsystems shown in FIG. 7 are interconnected via asystem bus 702. Additional subsystems such as a printer 704, a keyboard706, a fixed disk 708, a monitor 710, which is coupled to a displayadapter 712. Peripherals and input/output (I/O) devices, which couple toan I/O controller 714, can be connected to the computer system by anynumber of means known in the art, such as a serial port 716. Forexample, the serial port 716 or an external interface 718 can beutilized to connect the computer device 700 to further devices and/orsystems not shown in FIG. 7 including a wide area network such as theInternet, a mouse input device, and/or a scanner. The interconnectionvia the system bus 702 allows one or more processors 720 to communicatewith each subsystem and to control the execution of instructions thatmay be stored in a system memory 722 and/or the fixed disk 708, as wellas the exchange of information between subsystems. The system memory 722and/or the fixed disk 708 may embody a tangible computer-readablemedium.

Embodiments of the invention provide for a number of technicaladvantages. Embodiments of the invention allow for different machines toconduct access transactions (e.g., payment transactions) with othermachines without human intervention. Also, because tokens are usedinstead of real account credentials, the processing between devices issecure.

It should be understood that the present invention as described abovecan be implemented in the form of control logic using computer softwarein a modular or integrated manner. Based on the disclosure and teachingsprovided herein, a person of ordinary skill in the art will know andappreciate other ways and/or methods to implement the present inventionusing hardware and a combination of hardware and software.

Any of the software components, processes or functions described in thisapplication may be implemented as software code to be executed by aprocessor using any suitable computer language such as, for example,Java, C++ or Perl using, for example, conventional or object-orientedtechniques. The software code may be stored as a series of instructions,or commands on a computer readable medium, such as a random accessmemory (RAM), a read only memory (ROM), a magnetic medium such as ahard-drive or a floppy disk, or an optical medium such as a CD-ROM. Anysuch computer readable medium may reside on or within a singlecomputational apparatus, and may be present on or within differentcomputational apparatuses within a system or network.

All references, including publications, patent applications, andpatents, cited herein are hereby incorporated by reference to the sameextent as if each reference were individually and specifically indicatedto be incorporated by reference and/or were set forth in its entiretyherein.

Different arrangements of the components depicted in the drawings ordescribed above, as well as components and steps not shown or describedare possible. Similarly, some features and sub-combinations are usefuland may be employed without reference to other features andsub-combinations. Embodiments of the invention have been described forillustrative and not restrictive purposes, and alternative embodimentswill become apparent to readers of this patent. Accordingly, the presentinvention is not limited to the embodiments described above or depictedin the drawings, and various embodiments and modifications can be madewithout departing from the scope of the claims below.

For example, although the specific examples described above relate topayment, it is understood that other types of transactions can beconducted and that embodiments of the invention are not limited topayment transactions. For example, a first device may seek to accessdata on a second device, and may request authorization in a similarmanner to that described above with respect to payment transactions.

What is claimed is:
 1. An electronic device comprising: an input sensorconfigured to detect consumption of a resource; a processor; and amemory including instructions that, when executed with the processor,cause the system to at least: receive, from a service provider computer,an access token and a policy; initiate a transaction in accordance withthe policy by: establishing a communication session with a secondelectronic device that manages the resource; requesting access to theresource based at least in part on the consumption of the resourcedetected by the input sensor; and providing the access token to thesecond electronic device.
 2. The electronic device of claim 1, whereinthe access token is stored in a secure memory of the electronic device.3. The electronic device of claim 1, wherein a primary function of theelectronic device is to monitor consumption of the resource.
 4. Theelectronic device of claim 1, wherein the policy restricts thetransaction to a purchase of the resource.
 5. The electronic device ofclaim 1, wherein the policy indicates at least one condition upon whicha transaction is to be initiated.
 6. The method of claim 5, wherein theone condition includes liming the transaction to transactions associatedwith a type of the electronic device.
 7. The method of claim 5, whereinthe one condition includes a data or time condition associated with thetransaction.
 8. A method comprising; storing, by a first electronicdevice; an access credential in a secure memory in the first electronicdevice; determining, by the first electronic device and without humanintervention, that a resource associated with the first electronicdevice needs to be obtained; in response to determining that theresource needs to be obtained, transmitting the access credential to asecond electronic device, the second electronic device operated by aresource provider, wherein the resource provider thereafter conducts atransaction using the access credential and then provides the resourceto the first electronic device without human intervention.
 9. The methodof claim 8, wherein the access credential is a token.
 10. The method ofclaim 8, wherein the access token is stored in a secure memory of theelectronic device.
 11. The method of claim 8, wherein a primary functionof the electronic device is to monitor consumption of the resource. 12.The method of claim 8, further comprising receiving, from a serviceprovider computer, a policy.
 13. The method of claim 12, wherein thepolicy restricts the transaction to a purchase of the resource.
 14. Themethod of claim 12, wherein the policy indicates at least one conditionupon which a transaction it to be initiated.
 15. The method of claim 14,wherein the one condition includes liming the transaction totransactions associated with a type of the electronic device.
 16. Themethod of claim 14, wherein the one condition includes a data or timecondition associated with the transaction.
 17. The method of claim 12,wherein the service provider computer previously determined the accesscredential based on a user device associated with the first electronicdevice.
 18. A first electronic device comprising: a processor; and acomputer readable medium comprising code, executable by the processor,for implementing a method comprising storing an access credential in asecure memory in the first electronic device; determining, without humanintervention, that a resource associated with the first electronicdevice needs to be obtained; in response to determining that theresource needs to be obtained, transmitting the access credential to asecond electronic device, the second electronic device operated by aresource provider, wherein the resource provider thereafter conducts atransaction using the access credential and then provides the resourceto the first electronic device without human intervention.